If you maintain a server on the Internet, it's very likely you encountered one or more brute force attacks. Not a problem, just install fail2ban. Done.

But if you're running multiple servers, each of them running their fail2ban instance, they'll all have different IP addresses in the ban list. Wouldn't it be nice to have a shared ban list across all your fail2ban instances? Or in case all your machines are behind a router or firewall you control yourself, wouldn't it be nice to drop malicious traffic at the edge of your network?

sshguard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using one of several firewall backends, including iptables, ipfw, and pf.

Filet-O-Firewall Vulnerability: An attacker with a specially crafted website may cause a user who is running Chrome or Firefox with JavaScript enabled to make arbitrary UPnP requests to their firewall thereby opening their network to compromise.